Menu
That is to say: How to evaluate the password lookup only once?
- name: Demo
hosts: localhost
gather_facts: False
vars:
my_pass: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
tasks:
- debug:
msg: "{{ my_pass }}"
- debug:
msg: "{{ my_pass }}"
- debug:
msg: "{{ my_pass }}"
each debug statement will print out a different value, e.g:
PLAY [Demo] *************
TASK [debug] ************
ok: [localhost] => {
"msg": "ZfyzacMsqZaYqwW"
}
TASK [debug] ************
ok: [localhost] => {
"msg": "mKcfRedImqxgXnE"
}
TASK [debug] ************
ok: [localhost] => {
"msg": "POpqMQoJWTiDpEW"
}
PLAY RECAP ************
localhost : ok=3 changed=0 unreachable=0 failed=0
ansible 2.3.2.0
489
Usage of variables like "{{ inventory_hostname }}" in the filepath can be used to set up random passwords per host, which simplifies password management in "host_vars" variables. A special case is using /dev/null as a path.
You can use ansible-vault for using secret keys in playbooks. Define your password in yml. And then you can use your variables where you want. No one can read them without vault-key.
If you used default options and the prompt password source when encrypting the data used in this playbook, you can use the option --ask-vault-pass to make Ansible prompt you for the password: ansible-playbook myplaybook. yml --ask-vault-pass.
Use set_fact to assign permanent fact:
- name: Demo
hosts: localhost
gather_facts: False
vars:
pwd_alias: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
tasks:
- set_fact:
my_pass: "{{ pwd_alias }}"
- debug:
msg: "{{ my_pass }}"
- debug:
msg: "{{ my_pass }}"
- debug:
msg: "{{ my_pass }}"
I've been doing it this way and never had an issue.
- name: Demo
hosts: localhost
gather_facts: False
tasks:
- set_fact:
my_pass: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
- debug:
msg: "{{ my_pass }}"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
